
I am reading these two posts 1 2, and following step by step. I almost understand, but I still have some questions.

  1. Before signing, the input script should be removed and replaced by the pre locking script. At the end, SIGHASH should be appended. At this point, SIGHASH is 4 bytes (0x01000000). However, after signing, SIGHASH should also be appended. At this point (DER), SIGHASH is 1 byte (0x01), as seen in the raw transaction. So how long is SIGHASH?

  2. In the pizza transaction, the r takes 33 bytes, with 0x00 as the first byte. When I use ecdsa in Python, I have to delete the first byte 0x00. So in the DER process, why not just use 32 bytes?

Michael Folkson

1 Answer

> So how long is SIGHASH?

The sighash type is a number (it is 1, 2, 3, 129, 130, 131; or since BIP341/BIP342 also 0). It doesn't have a length per se.

When computing the signature hash, the sighash type is serialized as a 4-byte value at the end of the message. In the signature itself, it is serialized as a 1-byte value.

I can't tell you why Bitcoin's creator chose to serialize a value that fits in 1 byte as 4 bytes in the signature hash, but perhaps it was intended for future extensions.

> In the pizza transaction, the r takes 33 bytes, with 0x00 as the first byte. When I use ecdsa in Python, I have to delete the first byte 0x00. So in the DER process, why not just use 32 bytes?

Since BIP66 it is a network rule that signatures must use the minimal DER encoding. The pizza transaction predates the introduction of that rule.

Pieter Wuille
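The two serializations discussed in this thread, as an added Python example that is not part of the original question or answer. The function names are hypothetical, and `R` and `S` are constructed values, not the pizza transaction's signature.

```python
import struct

SIGHASH_ALL = 1
# Constructed sample values: R has its top bit set, S is small.
R = (1 << 255) | 0x1234
S = 0x1234567

def der_int(n: int) -> bytes:
    """Encode a positive integer as a DER INTEGER (tag 0x02)."""
    body = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        # DER integers are signed; a 0x00 prefix keeps the value positive.
        body = b"\x00" + body
    return b"\x02" + bytes([len(body)]) + body

def encode_sig(r: int, s: int, sighash: int) -> bytes:
    """DER SEQUENCE of r and s, followed by the 1-byte sighash type."""
    seq = der_int(r) + der_int(s)
    return b"\x30" + bytes([len(seq)]) + seq + bytes([sighash])

def parse_sig(sig: bytes):
    """Split a signature push into (r, s, sighash, raw r bytes)."""
    if len(sig) < 9 or sig[0] != 0x30 or sig[1] != len(sig) - 3:
        raise ValueError("not a DER signature plus one sighash byte")
    end = len(sig) - 1          # the last byte is the sighash type
    pos, fields = 2, []
    for _ in range(2):
        if pos + 2 > end or sig[pos] != 0x02:
            raise ValueError("expected a DER INTEGER")
        length = sig[pos + 1]
        raw = sig[pos + 2:pos + 2 + length]
        if length == 0 or pos + 2 + length > end:
            raise ValueError("bad INTEGER length")
        fields.append(raw)
        pos += 2 + length
    if pos != end:
        raise ValueError("trailing bytes inside the signature")
    r_raw, s_raw = fields
    # int.from_bytes ignores a leading 0x00, so no manual stripping is needed.
    return (int.from_bytes(r_raw, "big"), int.from_bytes(s_raw, "big"),
            sig[-1], r_raw)

def preimage_suffix(sighash: int) -> bytes:
    """Sighash type as appended to the message being hashed: 4 bytes, little-endian."""
    return struct.pack("<I", sighash)
```

Reading `r` as an integer and handing that integer to the signing or verification library avoids deleting the leading byte by hand.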